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DETAILED ACTION 

1 . This action is responding to application papers filed 6-26-2003. 

2. Claims 39 - 63 are pending. Claims 1 - 38 have been canceled. Claims 39, 
48, 56 are independent. 

3. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

4. Claims 39, 48, 56 are rejected under 35 U.S.C. 1 12, second paragraph, 37 CFR 
1.75(a), as being indefinite forfaiting to particularly point out and distinctly claim the 
subject matter, which applicant regards as the invention. 

Claims 39, 48, 56 refer to the term "minimar, which is an indefinite term with no 
clear and precise meaning. The Examiner is interpreting "minimar as if the term 
were not present. Appropriate action is required. 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 103(a) 
that form the basis for the rejections under this section made in this Office action: 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United 



Application/Control Number: 10/607.673 Page 3 

Art Unit: 2192 

States only if the international application designated the United States and was published under 
Article 21(2) of such treaty in the English language. 

6. Claims 39-41, 43, 44, 48 - 50, 52, 53, 56, 60, 62, 63 are rejected under 35 
U.S.C. 103(a) as being anticipated by Barry et al. (US Patent No. 6,615,258) in view 
of Hughes (US Patent No. 6,957,330). 

Regarding Claim 39, Barry discloses a metliod for applying personal infomnation in 
the use of public data services comprising: 

a) verifying a user's identity, (see Bany col. 4, lines 34-40: authenticate or verify a 
user's identity; col. 14, lines 2-4: single sign-on for access to services) 



Barry discloses wherein user input and locations on a public network where said 
user input is used, connection information with user's identity (see Barry coL 8, 
lines 52-58: information or records attached to user's entitlement based on user's 
identity), storage and retrieval of information accessible on a public network (see 
Barry col. 4, lines 29-33: public accessible network, Internet; col. 18, lines 30-36: 
distributed database for storage of services management), and whereby personal 
information needed to use public data services may be recalled with minimal 
maintenance burden, (see Barry col. 8, lines 54-58; col. 54, lines 31-35; col. 54, 
lines 45-49: user information stored within cache for rapid and easy access with 
minimal maintenance burden) Barry does not explicitly disclose creating one or 
more new records. 
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However, Hughes discloses: 

b) creating one or more records, (see Hughes col. 4, lines 31-33: produce or 
create data set(s) or record(s) for usage) 

c) connecting said records with said user's identity, (see Hughes col. 3, lines 29- 
31 : data set(s) or record(s), attachment to user's identity previously defined) 

d) storing said records so that they are accessible on a network, (see Hughes col. 
4, lines 12-17; coL 4, lines 37-40: storage of data set(s) or record(s)) and 

e) retrieving at least one of said records, whereby personal information needed to 
use public data services may be recalled with minimal maintenance burden, 
(see Hughes col. 6, line 65 - col.7, line 3: access information or retrieving of 
data set(s) or record(s)) 

It would have been obvious to one of ordinary skill in the art to have modified 
Barry as taught by Hughes to enable the generation or records, and storage of data 
sets or records for secure storage and retrieval. One of ordinary skill in the art 
would have been motivated to employ the teachings of Matyas in order to enable 
the capability to securely store information, flexibility in controlling access to 
information, and access group membership modifiable without a requirement for 
access to storage device, (see Hughes col. 1 , lines 20-23: "... ability to store 
secure information on one or more untrusted storage devices that allows flexibility 
in controlling apcess to the information. Access should be permitted based on 
combinations of client groups. Membership in these groups should be modifiable 
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without requiring access to ttie storage device containing the encrypted information 

Regarding Claims 40, 49, Barry discloses including entry of some or all of the user 
input tliat has been retrieved and decrypted, (see Barry coL 4. lines 48-54: user 
interface for entry of user input; col. 8, lines 44-48; col. 8, lines 50-52: encryption and 
decryption capabilities for messaging information during network communications) 

Regarding Claims 41, 50, Barry discloses creating records comprising user input and 
locations on a public data network where said user input is used includes creating 
records comprising Web service sign-on procedures and Unifomi Resource Locators, 
(see Barry col. 4, lines 33-35: logon or sign-on procedures for web services; col. 13, 
lines 61-65: URL addressing utilized for location of services or application server) 

Regarding Claims 43, 52, Barry discloses creating records comprising user input and 
locations on a public data network where said user input is used includes creating 
records comprising recorded user input sequences and Uniform Resource Locators, 
(see Barry col. 4, lines 48-54: user interface for user input or request; col. 13, lines 61- 
65: URL addressing utilized for location of services or application server) 

Regarding Claims 44, 53, Barry discloses creating records comprising user input and 
locations on a public data network where said user input is used includes creating 
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records comprising directly entered user input sequences and Unifomn Resource 
Locators, (see Barry col. 4, lines 48-54: user interface for user input or request; col. 
13, lines 61-65: URL addressing utilized for location of services or application server) 

Regarding Claim 48, Ban^ discloses a method for applying personal infonnation in 
the use of public data services comprising: 

a) verifying a user's identity, (see Barry col. 4, lines 34-40: authenticate or verify a 
user's identity) 

Barry discloses wherein comprising user input and locations on a public data 
network where said user input is used (see Barry col. 4, lines 29-33: public network, 
Internet; col. 8, lines 50-58: message or input and information or records stored 
within cache storage), connecting the encrypted records with said user's identity, 
(see Barry col. 8, lines 52-58: information or records attached to user's entitlement 
or identity), storing said encrypted records so that they are accessible on a public 
data network, retrieving at least one of said encrypted records, (see Barry col. 8, 
lines 54-58; col. 54, lines 31-35; col. 54, lines 45-49: user infonnation stored in a 
cache for rapid and easy access), and decrypting (see Barry col. 8, lines 50-52; 
decryption utilized) some or all of the encrypted records that have been retrieved, 
whereby personal information needed to use public data services may be recalled 
with minimal maintenance burden and a high degree of privacy, (see Barry col. 8, 
lines 54-58; col. 54, lines 31-35; col. 54, lines 45-49: user infonnation stored in a 
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cache for minimal maintenance burden, encryption for privacy) (see Barry col, 18, 
lines 30-36: distributed database) Barry does not explicitly disclose creating one or 
more new records. 
However, Hughes discloses: 

b) creating records, (see Hughes col. 4, lines 31-33: produce or create data set(s) 
or record(s) for usage) 

c) encrypting said records, (see Hughes col. 4, lines 31-33; col. 6, lines 53-55: 
encrypting data set(s) or record(s)) 

d) connecting the encrypted records with said user's identity, (see Hughes col. 3, 
lines 29-31 : data set(s) or record(s), attachment to user's identity previously 
defined) 

e) storing said encrypted records so that they are accessible on a public data 
network, (see Hughes col. 4, lines 12-17; col. 37-40: storing data set(s) or 
record(s)) 

f) retrieving at least one of said encrypted records, (see Hughes col. 6, line 65 - 
col.7, line 3: access information or retrieving of data set(s) or record(s)) and 

g) decrypting some or all of the encrypted records that have been retrieved, (see 
Hughes col. 6, line 65 - col. 7, line 3; col. 3, lines 10-14: decrypting data set(s) 
record (s)) 

It would have been obvious to one of ordinary skill in the art to have modified 
Barry as taught by Hughes to enable the generation and storage of data sets or 
records for secure storage and retrieval. One of ordinary skill in the art would have 
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been motivated to employ the teacliings of Matyas in order to enable the capability 
to securely store infomiation, flexibility in controlling access to information, and 
access group membership modifiable without a requirement for access to storage 
device, (see Hughes col. 1 , lines 20-23) 

Regarding Claim 56, Barry discloses a computing system for applying personal 
information in the use of public data services comprising: 

a) a client processor comprising software (see Barry col. 6, lines 44-45: client; col. 
6, lines 55-65: software implementation) which creates records comprising user 
input and locations on a public data network where said user input is used (see 
Barry col. 4, lines 29-33: public network, Internet; col. 8, lines 50-58: message 
or input and information or records stored within cache storage), and software 
(see Barry col. 6, lines 44-45; col. 6, lines 55-65: software implementation) 
which connects said records with a user's identity, (see Barry coL 8, lines 52- 
58: information or records attached to user's entitlement or identity) 

b) a server processor comprising software which verifies said user's identity, 
software (see Barry col. 6, lines 44-45: server; col. 6, lines 55-65: software 
implementation) which stores said records, and software which retrieves one or 
more of said records when requested, (see Barry col. 54, lines 45-49: retrieve 
user entitlement information to determine user access based on request) 

c) a public network (see Barry col. 4, lines 43-40: public network, Internet) 
providing communication between said server processor and said client 
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processor, whereby personal information needed to use public data services 
may be recalled with minimal maintenance burden, (see Barry col. 8, lines 54- 
58; col. 54, lines 31-35; col. 54, lines 45-49: cache for recall of service 
information with minimal maintenance burden) 
It would have been obvious to one of ordinary skill in the art to have modified 
Barry as taught by Hughes to enable the generation and storage of data sets or 
records for secure storage and retrieval. One of ordinary skill in the art would have 
been motivated to employ the teachings of Matyas in order to enable the capability 
to securely store information, flexibility in controlling access to information, and 
access group membership modifiable without a requirement for access to storage 
device, (see Hughes col. 1 , lines 20-23) 

Regarding Claim 60, Barry discloses wherein software (see Barry col. 6, lines 44-45; 
col. 6, lines 55-65: software implementation) which creates records comprising user 
input and locations on a public data network where said user input is used includes 
software which associates one or more pairs of Web service sign-on procedures and 
Uniform Resource Locators, (see Barry col. 4, lines 33-38: web service logon or sign- 
on procedures; col. 13, lines 61-65: URL addressing utilized for services or application 
server) 

Regarding Claim 62, Barry discloses wherein software (see Barry col. 6, lines 44-45; 
col. 6, lines 55-65: software implementation) which creates records comprising user 
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input and locations on a public data network where said user input is used includes 
software which associates one or more pairs of recorded user input sequences and 
Uniform Resource Locators, (see Barry col. 54, lines 31-35: map user input within 
cache with application server or service; coL 13, lines 61-65: URL addressing utilized 
for services or application server) 

Regarding Claim 63, Barry discloses wherein software (see Barry col. 6, lines 44-45; 
col. 6, lines 55-65: software implementation) which creates records comprising user 
input and locations on a public data network where said user input is used includes 
software which associates one or more pairs of directly entered user input sequences 
and Uniform Resource Locators, (see Bany col. 4, lines 48-54: user interface for 
directly entered input, request/response; col. 13. lines 61-65: URL addressing utilized 
for services or application server) 

7. Claims 42, 51, 61 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Barry-Huglies and further in view of Nambiar et al. (US PGPUB No. 
20020128977). 

Regarding Claims 42, 51 , Barry discloses the method of claims 39 and 48 wherein 
creating records comprising user input and locations on a public data network where 
said user input is used includes creating records comprising Web service entry data 
and Uniform Resource Locators, (see Barry col. 4. lines 29-33: public network, 
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Internet; col. 8, lines 50-58: message input of information or records stored; col. 13, 
lines 61-65: URL addressing utilized for location of services or application server) 
Barry does not specifically disclose the processing of purchase order type information 
or entry records. However, Nambiar discloses wherein creating records comprising 
Web service purchase order entry data, (see Nambiar paragraph [0028], lines 1-8: 
web service provided by server; paragraph [0020], lines 3-10; paragraph [0020], lines 
14-18; paragraph [0024], lines 6-13: purchase order, obtain and process infomnation 
required to complete purchase) 

It would have been obvious to one of ordinary skill in the art to have modified 
Barry as taught by Nambiar to enable the capability to process purchase order records 
for computerized transactions. One of ordinary skill in the art would have been 
motivated to employ the teachings of Nambiar in order to enable the completion of a 
more safe, secure, and expedient computerized transaction, (see Nambiar paragraph 
[0002], lines 1-7: " ...a method and system for conducting a more secure and efficient 
computer-facilitated transaction. Specifically, this invention implements an improved 
user authentication process, to facilitate a more safe, secure and expedient 
computerized transaction. 

Regarding Claim 61, Barry discloses the computing system of claim 56 wherein 
software (see Barry col. 6, lines 44-45; col. 6, lines 55-65: software implementation) 
which creates records comprising user input and locations on a public data network 
where said user input is used includes software which associates one or more pairs of 
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Web service entry data and Uniform Resource Locators, (see Barry col. 14, lines 4-8: 
associate application or service with public interface, URL address; col. 13, lines 61- 
65: URL addressing utilized for location of services or application server) Barry does 
not specifically disclose the processing of purchase order type infomiation or entry 
records. However, Nambiar discloses wherein Web service purchase order entry data, 
(see Nambiar paragraph [0028], lines 1-8: web service provided by server; paragraph 
[0020], lines 3-10; paragraph [0020], lines 14-18; paragraph [0024], lines 6-13: 
purchase order, obtain and process infomiation required to complete purchase) 

It would have been obvious to one of ordinary skill in the art to have modified 
Barry as taught by Nambiar to enable the capability to process purchase order records 
for computerized transactions. One of ordinary skill in the art would have been 
motivated to employ the teachings of Nambiar in order to enable the completion of a 
more safe, secure, and expedient computerized transaction within a network 
environment, (see Nambiar paragraph [0002], lines 1-7) 

8. Claims 45, 57 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Barry-Hughes and further in view of Matyas et al. (US PGPUB No. 6,947,556). 

Regarding Claims 45, 57, Ban7 and Matyas combination discloses verifying a user's 
identity comprises entry of a passphrase. (see Matyas col. 13, lines 28-32: 
authentication server; col. 12, lines 36-41: passphrase authentication procedure 
utilized) 



Application/Control Number: 10/607,673 Page 13 

Art Unit: 2192 

It would have been obvious to one of ordinary skill in the art to have modified 
Bany as taught by Matyas to enable the utilizing of a passphrase for authentication. 
One of ordinary skill in the art would have been motivated to employ the teachings of 
Matyas in order to enable mechanisms for providing secure file and secure file access, 
(see Matyas col. 1 , lines 20-23: "... awareness among the public as to the privacy of 
digitally stored data, much attention has been focused on mechanisms for providing 
secure files and/or file access. ... col. 1, lines 53-55: "... methods, systems and 
computer program products which provide for controlling access to digital data in a file 
by encrypting the data ..,") 

9. Claims 46, 47, 54, 55, 58, 59 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Barry-Hughes and further in view of Sands et al. (US PGPUB No. 
20040148526). 

Regarding Clainns 46, 54, Barry discloses the method of claims 39, 48 wherein 
verifying a user's identity comprises checking data, (see Barry col. 4, lines 34-40: 
verify user identity based on entered logon entry) Barry does not specifically disclose 
the capability to check data on a portable device for user authentication. However, 
Sands discloses wherein verifying a user's identity comprises checking data on a 
portable memory device possessed by said user, (see Sands paragraph [0013], lines 
1-8: biometric data; paragraph [0049], lines 8-12: portable device or smart card utilized 
to authenticate with biometric data) 
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It would have been obvious to one of ordinary skill in the art to have modified 
Barry as taught by Sands to enable the usage of biometric data obtained from a 
portable device utilized for user identification. One of ordinary skill in the art would 
have been motivated to employ the teachings of Sands in order to enable the 
implementation of a flexible authentication policy allowing the authentication 
procedures to be altered based on security conditions, (see Sands paragraph [0019], 
lines 4-8: "... authentication policy is flexible and allows the biometric authentication 
procedure implemented at any given computer or location within the network to be 
altered based on security conditions. 

Regarding Claims 47, 55, Barry discloses the method of claims 39, 48 wherein 
verifying a user's identity, (see Barry col. 4. lines 34-40: verify user identity based on 
entered logon entry) Barry does not specifically disclose the comparison of one or 
more physical characteristics of biometric data on a portable device. However, Sands 
discloses wherein verifying a user's identity comprises comparing one or more of the 
physical characteristics of said user to biometric data stored on a portable memory 
device possessed by said user, (see Sands paragraph [0007], lines 1-7; paragraph 
[0008], lines 1-7; paragraph [0013], lines 1-8: biometric data; paragraph [0024], lines 1- 
7: physical characteristics utilized for biometric data) 

It would have been obvious to one of ordinary skill in the art to have modified 
Barry as taught by Sands to enable the usage of biometric data obtained from a user's 
physical characteristics utilized for authentication. One of ordinary skill in the art 
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would have been motivated to employ the teachings of Sands in order to enable the 
implementation of a flexible authentication policy allowing the authentication 
procedures to be altered based on security conditions, (see Sands paragraph [0019], 
lines 4-8) 

Regarding Claim 58, Bany discloses the computing system of claim 56 wherein 
software which verifies said user's identity, (see Barry col. 6, lines 44-45; col. 6, lines 
55-65: software implementation; col. 4, lines 34-40: verify user identity based on 
entered logon entry) Barry does not specifically disclose the capability to check data 
on a portable device for user authentication. However, Sands discloses wherein 
verification of said user's identity checks data on a portable memory device possessed 
by said user, (see Sands paragraph [0013], lines 1-8: biometric data; paragraph 
[0049], lines 8-12: portable device or smart card utilized to authenticate with biometric 
data) 

It would have been obvious to one of ordinary skill in the art to have modified 
Ban7 as taught by Sands to enable the usage of biometric data obtained from a 
portable device utilized for user identification. One of ordinary skill in the art would 
have been motivated to employ the teachings of Sands in order to enable the 
implementation of a flexible authentication policy allowing the authentication 
procedures to be altered based on security conditions, (see Sands paragraph [0019], 
lines 4-8) 
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Regarding Claim 59, Barry discloses the computing system of claim 56 wherein 
software which verifies said user's identity, (see Barry col. 6, lines 44-45; col. 6, lines 
55-65: software implementation; col. 4, lines 34-40: verify user identity based on 
entered logon entry) Barry does not specifically disclose the comparison of physical 
characteristics of biometric data on a portable device. However, Sands discloses 
wherein verification of said user's identity includes software which compares one or 
more of the physical characteristics of said user to biometric data stored on a portable 
memory device possessed by said user, (see Sands paragraph [0013], lines 1-8: 
biometric data; paragraph [0049], lines 8-12: portable device or smart card utilized to 
authenticate with biometric data) 

It would have been obvious to one of ordinary sl^ill in the art to have modified 
Barry as taught by Sands to enable the usage of biometric characteristics for user 
authentication. One of ordinary skill in the art would have been motivated to employ 
the teachings of Sands in order to enable the implementation of a flexible 
authentication policy allowing the authentication procedures to be altered based on 
security conditions, (see Sands paragraph [001 9], lines 4-8) 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Carlton Johnson whose telephone number is 571-270- 
1032. The examiner can normally be reached Monday through Friday from 8:00AM to 
5:00PM. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, David Robertson, can be reached on 571-272-4186. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 

273-8300. 

Infomiation regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more infomiation about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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